﻿using Candy.Web.Data;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Runtime.Serialization;
using System.Security.Principal;
using System.ServiceModel.DomainServices.Hosting;
using System.ServiceModel.DomainServices.Server;
using System.ServiceModel.DomainServices.Server.ApplicationServices;
using System.Web.Profile;
using System.Web.Security;

namespace Candy.Web
{
    [EnableClientAccess]
    public class CandyAuth : AuthenticationBase<AuthUser>
    {
        // To enable Forms/Windows Authentication for the Web Application, edit the appropriate section of web.config file.
        protected override bool ValidateUser(string userName, string password)
        {
            //allways unlock locked user
            var user = Membership.GetUser(userName);
            if (user != null && user.IsLockedOut)
            {
                user.UnlockUser();
                Membership.UpdateUser(user);
            }

            bool ret = base.ValidateUser(userName, password);
            return ret;
        }

        protected override AuthUser GetAuthenticatedUser(System.Security.Principal.IPrincipal principal)
        {
            AuthUser user = base.GetAuthenticatedUser(principal);
            var memUser = Membership.GetUser(principal.Identity.Name, true);
            user.UserID = (Guid)memUser.ProviderUserKey;
            user.EMail = memUser.Email;
            user.AllowedProjectCount = 1;

            if (Roles.IsUserInRole(user.Name, "MaxProjectCreationPolicy_2"))
            {
                user.AllowedProjectCount = 2;
            }
            if (Roles.IsUserInRole(user.Name, "MaxProjectCreationPolicy_5"))
            {
                user.AllowedProjectCount = 5;
            }
            if (Roles.IsUserInRole(user.Name, "MaxProjectCreationPolicy_Unlimited"))
            {
                user.AllowedProjectCount = int.MaxValue;
            }


            return user;
        }

        internal AuthUser GetAuthenticatedUserInternal(System.Security.Principal.IPrincipal principal)
        {
            try
            {
                AuthUser user = base.GetAuthenticatedUser(principal);

                var memUser = Membership.GetUser(principal.Identity.Name, true);

                user.UserID = (Guid)memUser.ProviderUserKey;
                user.EMail = memUser.Email;
                user.AllowedProjectCount = 1;

                if (Roles.IsUserInRole(user.Name, "MaxProjectCreationPolicy_2"))
                {
                    user.AllowedProjectCount = 2;
                }
                if (Roles.IsUserInRole(user.Name, "MaxProjectCreationPolicy_5"))
                {
                    user.AllowedProjectCount = 5;
                }
                if (Roles.IsUserInRole(user.Name, "MaxProjectCreationPolicy_Unlimited"))
                {
                    user.AllowedProjectCount = int.MaxValue;
                }

                return user;
            }
            catch (Exception ex)
            {
                return null;
            }
        }

        public AuthUser GetUserByName(string username)
        {
            var p = new DummyPrinicpal(username);
            return GetAuthenticatedUserInternal(p);
        }

        private class DummyPrinicpal : IPrincipal
        {

            private IIdentity _identity;
            public DummyPrinicpal(string user)
            {
                _identity = new DummyIdentity(user);

            }

            public IIdentity Identity
            {
                get { return _identity; }
            }

            public bool IsInRole(string role)
            {
                throw new NotImplementedException();
            }

            private class DummyIdentity : IIdentity
            {
                private string userName;
                public DummyIdentity(string user)
                {
                    userName = user;
                }

                public string AuthenticationType
                {
                    get { throw new NotImplementedException(); }
                }

                public bool IsAuthenticated
                {
                    get { throw new NotImplementedException(); }
                }

                public string Name
                {
                    get { return userName; }
                }
            }
        }
    }

    public class AuthUser : UserBase
    {
        // NOTE: Profile properties can be added here 
        // To enable profiles, edit the appropriate section of web.config file.

        [Exclude]
        internal string EMail { get; set; }

        [DataMember]
        public string FriendlyName { get; set; }

        [DataMember]
        public string PictureURL { get; set; }

        [ProfileUsage(IsExcluded = true)]
        [DataMember]
        public int AllowedProjectCount { get; set; }

        [ProfileUsage(IsExcluded = true)]
        [DataMember]
        public Guid UserID { get; set; }
    }


}